More stories about Marsh

Microsoft and Marsh examine cyber risk management

Cyber is no longer the “hot new product” in insurance circles – it’s now the new “must have” among businesses. For proof, look no further than a new global survey just released by broking giant Marsh and software heavyweight Microsoft.

The survey, which involved more than 1,300 senior executives, saw two thirds rank cybersecurity among their organisation’s top five risk management priorities – that’s around double the response compared to a year ago. In addition, 75% identified business interruption as the cyber loss scenario likely to have the greatest impact on their firm – getting ahead of the 55% who pointed to breach of customer information, which was historically seen as the focus for most organisations.

Still, despite an apparent growing awareness, only 19% of respondents said they are highly confident in their organisation’s ability to mitigate and respond to a cyber event. Moreover, only 30% said they have developed a plan to respond to cyberattacks.

“Cyber risk is an escalating management priority as the use of technology in business increases and the threat environment gets more complex,” said John Drzik, president, global risk and digital, Marsh. “It’s time for organisations to adopt a more comprehensive approach to cyber resilience, which engages the full executive team and spans risk prevention, response, mitigation and transfer.”

Risk quantification is now seen as a vital step towards dealing with cyber risk – the survey showed that less than 50% believe their organisation estimates financial losses from a potential cyber event and indeed only 11% make estimates in economic terms. The calculations are viewed as a key step in addressing investment decisions.

Similarly, cyber risk management responsibilities continue to be placed on the shoulders of IT departments - 70% pointed to IT as a primary owner and decision-maker for cyber risk management, compared to just 37% who cited the president/CEO or the board of directors.

“While technology is the foundation of any good cybersecurity strategy, companies can benefit from investing in non-technology solutions like risk management as part of a holistic approach,” said Matt Penarczyk, vice president and deputy general counsel, Microsoft. “Through advanced technology, tools and training, for example, companies can better protect the data in their networks and be ready for the business interruptions and reputational risks associated with cyberattacks.”